I have such a mechanism of handling expired sessions:
User logged in
Session expires
User goes to link
User redirected to login page
User logs in
User redirected to requested link
What I would like to achieve is to have the same functionality with forms, as such:
User logged in
User starts to fill out a form
Session expires
User submits a form
User redirected to login page
User logs in
Form posted on behalf of user (aka redirect with post)
But as of now it works like this:
User logged in
User starts to fill out a form
Session expires
User submits a form
User redirected to login page
User logs in
User redirected to form page with all fields empty
User sad
I've tried to to it with http_redirect, but turns out it just adds parameters to the URL. The problem is, the server side does not accept GET, only POST. I've been trying to think of other ways to do this, like Autosave feature, javascript posting and redirection, etc.
Somebody must've experienced this problem before.
Any ideas?
There are several ways that i think
1) increase session.gc_maxlifetime value to higher (1 day or more). If using own session, same logic for it.
2) Make session never expire unless user logout
3) When user submit POST and session expire, store form data to session itself and after redirect get data from session. Or use get method after redirect
4) Continously check session with ajax (ping). For example every 60 seconds. Unless browser not close, session will never expire (for me its best solution)
5) Use ajax for from submit, if session expire pop a dialog box for re-login
There could be another options of course
You could go for the following:
User logged in
User starts to fill out a form
Session expires
User submits a form
Server sees session has expired
Server creates new session
Server stores post in session variable $_SESSION['post'] = $_POST
User redirected to login page
User logs in
Server verifies user etc
Server checks for data in $_SESSION['post']
Server sets $_POST = $_SESSION['post']
Form posted on behalf of user